
Mobile Threats Targeting Your Small Business

Computers aren’t the only devices that are at risk for security breaches. Small to midsized business (SMB) owners must be prepared to protect their companies from cyberattacks that target mobile devices, too. With more than 80% of employees using their personal phones, laptops, and tablets for business, the now standard practice of Bring Your Own Device (BYOD) has significantly increased the number of threats to data security.

Risk of Unsecured Device Use

Hackers are increasingly leveraging mobile apps and devices to access and compromise personal and business data.

In fact, the number of malware threats that target mobile devices has tripled in less than one year, reports Kaspersky Lab.

Mobile technology has transformed every employee into a walking security vulnerability at work, at home, and on the go. Whether connecting to unsecured public Wi-Fi networks, misplacing their devices, or clicking suspicious links, human error provides cybercriminals and identity thieves unwitting access to confidential business data.

Refresh Your Mobile Device Security

Whether employees use their own devices or company-issued ones, creating a Mobile Device Policy can significantly reduce vulnerability. Your company’s policy will vary based on your industry, the level of personal client information you collect and store, and the individual employee (and perhaps even partner) access granted to sensitive information. For starters, encourage your employees to regularly update their operating systems to the latest version.

Investing in a mobile cybersecurity solution that pairs with identity theft protection is a powerful option for enhancing your company’s security processes.

Create Your Mobile Device Policy

Set rules about what business work can be done on personal devices and what work should be done only on company-owned devices.

Request that employees opt in to a “Find My Device” service to remotely locate and securely erase devices if they are lost or stolen.

Require that all devices be password protected.

Read more spring cleaning tips in Part 1: Document Security. Stay tuned next month for Part 3 of our spring cleaning for your small business series.


With data breaches impacting organizations on what seems like a daily basis, there’s a very good chance that your personal information has been compromised — and once it is leaked onto the Dark Web, you are vulnerable forever. According to the 2018 End-of-Year Data Breach Report, the total number of data breaches decreased in 2018; however, the number of stolen records climbed more than 126 percent. Not only is that a significant increase in the amount of Personally Identifiable Information (PII) that is now in the hands of cybercriminals, but it is also an indication that breaches have become larger, exposing more pieces of data per incident.

Many of us are experiencing data breach fatigue — the idea that individuals and organizations have become immune to the effects of data breaches and are less motivated to do anything to protect themselves. But while we are mistakenly putting our guard down, hackers continue to use our personal information for their own financial gain.

Credential Stuffing Attacks

One of the main ways that hackers utilize information stolen through data breaches is by credential stuffing, a cyberattack where large numbers of hijacked usernames, email addresses, and related passwords are used to attempt account logins at targeted web applications through an automated process. This is especially dangerous for consumers who use the same username and password combinations for multiple accounts.

In January of 2019, Have I Been Pwned? shared Collection #1, a database of 773 million unique pairs of email addresses and passwords that had been discovered circulating on a criminal forum on the Dark Web. Later that month, Collections #2-5, containing another 2.2 billion credentials, were also discovered. In February of 2019, 617 million stolen credentials from 16 websites were listed for sale on the Dark Web. That’s a lot of personal information up for grabs!
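Credential stuffing as described in this section leaves a recognizable pattern in a web application's login log: one source tries many different accounts in a short time and almost all attempts fail. The following is an added example, not part of the original article, showing one way a defender could flag that pattern and list the accounts that were actually logged into; the log format, thresholds, and function names are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, username, result.
# The IP addresses come from ranges reserved for documentation.
SAMPLE_LOG = """\
2019-02-12T09:00:01 203.0.113.7 alice@example.com FAIL
2019-02-12T09:00:03 203.0.113.7 bob@example.com FAIL
2019-02-12T09:00:05 203.0.113.7 carol@example.com FAIL
2019-02-12T09:00:07 203.0.113.7 dave@example.com OK
2019-02-12T09:00:09 203.0.113.7 erin@example.com FAIL
2019-02-12T09:00:11 203.0.113.7 frank@example.com FAIL
2019-02-12T09:00:13 203.0.113.7 grace@example.com FAIL
2019-02-12T09:00:15 203.0.113.7 heidi@example.com FAIL
2019-02-12T09:01:00 198.51.100.23 alice@example.com FAIL
2019-02-12T09:01:20 198.51.100.23 alice@example.com FAIL
2019-02-12T09:01:45 198.51.100.23 alice@example.com OK
2019-02-12T09:02:00 198.51.100.50 ivan@example.com OK
2019-02-12T09:02:10 198.51.100.50 judy@example.com OK
2019-02-12T09:02:20 198.51.100.50 mallory@example.com OK
2019-02-12T09:02:30 198.51.100.50 niaj@example.com OK
2019-02-12T09:02:40 198.51.100.50 olivia@example.com OK
this line is malformed and must be skipped
"""


def parse(log_text):
    """Turn log text into (timestamp, ip, username, succeeded) tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # ignore lines that do not match the assumed format
        ts, ip, user, result = parts
        events.append((datetime.fromisoformat(ts), ip, user.lower(), result == "OK"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts with mostly failed logins.

    A source is flagged when, inside any sliding time window, it attempted at
    least `min_users` different usernames and at least `min_fail_ratio` of
    those attempts failed. Requiring both conditions keeps a shared office
    address (many users, logins succeed) and a user mistyping a password
    (one user, a few failures) from being reported.
    """
    by_ip = defaultdict(list)
    for event in sorted(events):
        by_ip[event[1]].append(event)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            users = {e[2] for e in in_window}
            failures = sum(1 for e in in_window if not e[3])
            if len(users) >= min_users and failures / len(in_window) >= min_fail_ratio:
                findings[ip] = {
                    "usernames_tried": {e[2] for e in evs},
                    # Any login that succeeded from a flagged source used a
                    # working stolen password: reset it and end its sessions.
                    "successful_logins": {e[2] for e in evs if e[3]},
                }
                break
    return findings


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(ip, "tried", len(info["usernames_tried"]), "accounts;",
              "reset passwords for:", sorted(info["successful_logins"]))
```

The accounts listed under `successful_logins` are the ones where a reused password worked, which is why unique passwords and two-factor authentication blunt this attack.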

I Changed My Passwords. Am I Safe Now?

The simple answer is “no.” When the stolen data is your personal identity — your name, social security number, or other persistent record tied to who you are — it never expires. And, as long as cybercriminals continue to breach companies who collect such information, it is constantly being packaged, resold, and used for different malicious activities. Even your children are at risk.

A hacker recently contacted The Register to inform them that they were responsible for the leaked 617 million credentials I mentioned above. The cybercriminal stated that their goal is to make money and make hacking easier for others — at the cost of making the lives of their victims difficult. These communications are a clear display that hackers only care about profiting by selling our data, with no regard for the consequences for those affected.

How Can I Protect Myself?

Every organization is vulnerable to hacks, and it is important not to become complacent when it comes to protecting your identity. No matter how long ago you may have been affected, you never know when your personal information or login credentials will be used against you.

Tips to Protect Your Identity on the Dark Web

Don’t use the same password for multiple web sites. Use a password manager to generate unique credentials for every online account.

Use two-factor authentication. Requiring an additional level of security can often thwart hackers from gaining access.

Invest in identity theft protection. Make sure you and your family are protected now and into the future.


Cybercriminals are Playing Dirty

Online gamers of all ages may not realize the real-life dangers of sharing personal information, leaving them susceptible to vulnerabilities such as fraud, swatting, and identity theft.

The Global Game Market Report estimates that downloaded, digital game revenues took 91% of the global video game market in 2018 ($125.3 billion), with boxed games making up the remainder. This gamer ecommerce channel opens a massive gateway for cybercriminals to hack and commit fraud by preying on unsuspecting online players.

Game Over: Personal Information Exposed

As new games are introduced to the market, players’ excitement to jump into the latest adventure skyrockets—and so do the watchful eyes of cyberthieves. Young gamers are particularly vulnerable to fraud and are less likely to notice when their accounts have been hacked.

January 2019 was the second time in less than a year that Fortnite, one of the most popular online video games, experienced a security incident. In the most recent breach, the account information of over 80 million players was exposed. The revealed data allowed hackers to take over accounts, make purchases with the game’s virtual currency, and eavesdrop and record conversations among players.

Also in January this year, the usernames, email addresses, and passwords of 7.6 million Town of Salem players were hacked through an unprotected game server.

Malicious Use of Shared Information

Personal information is not only stored by individual games but is often shared in seemingly innocent game chats that can take a turn for the worse. Spiteful players have used this PII to their advantage: taking over accounts to make in-app purchases, impersonating and damaging the victim’s online reputation, or stealing their identity for financial gains.

In a much more dangerous scheme, malicious gamers have used this shared personal information, such as a home address, to commit “swatting” attacks. Swatting, essentially a high-stakes prank, occurs when police receive a phony tip regarding illegal activity in progress at the victim’s location, causing the police or a SWAT team to show up unexpectedly — and usually in full-force — at the victim’s home. Swatting is a serious offense and perpetrators will face criminal charges.

Play Safe

Be aware, and stay vigilant, about the information you or your children share while playing your favorite online video games. Practice safe gaming habits to prevent falling victim to online threats.

Tips to Protect Yourself from Online Gaming Vulnerabilities

Beware of what is shared. Educate kids on what is considered personal information, and that it is not safe to share such details with strangers online.

Disable devices when not in use. Block and disable your video game console, webcams, and microphones when not in use.

Create an anonymous gamer tag. Refrain from using personal information such as real name, location, or age when creating your online gaming profile.

Avoid clicking suspicious links. Links received through a game chat or on your mobile device may contain malware designed to infiltrate your devices and accounts for hostile purposes.


Appropriately Secure and Dispose of Business Data

It may be February, but the first buds of spring are right around the corner. For your Small and Mid-Sized Business (SMB), the annual spring cleaning ritual doesn’t mean simply dusting off the shelves and organizing the supply closet. It’s also about forming secure habits for your business operations and protecting against data intrusions that could ultimately impact your organization’s name, and your bottom line.

What Types of Data Should I Secure?

If a document includes any type of Personally Identifiable Information (PII), your company is responsible for protecting it. Documents with critical data may include word processing documents, electronic spreadsheets, customer databases, financial files, human resources files, and accounts receivable/payable files. If this information were exposed through a data breach, it could spell financial and reputational disaster for you and your business.

Train Your Staff on Security Protocols

Whether you have one employee or 99, it’s crucial that you teach them how to securely handle documents and devices to keep your business protected. According to the 2018 Shred-It Report, 51 percent of SMB owners in the U.S. identify employee negligence as their biggest information security risk. Quite often minor mistakes are what lead to serious consequences — including data breaches and identity theft — and it is your responsibility as a business owner to safeguard all business, customer, and employee data within your organization.

Three Tips to Secure Your Business Data

1. Don’t leave documents out in the open. If an essential document requires a physical copy, keep it locked in a file cabinet. Only designated employees should have access to these documents.

2. Go paperless and save important files to a drive or secure cloud storage server. Make data backup part of your routine business operations.

Properly Dispose of Outdated Documents

After backing up and securing all important documents and data, secure disposal of documents your business no longer needs is vital to your information cleaning efforts. Every business holds different data, thus it’s important to distinguish the right way to dispose of outdated documents and machines.

Three Business Data Disposal Tips

2. Hard drives cannot simply be erased and recycled; they must be suitably destroyed before disposal.

3. Although penalties vary by state, avoid a hefty fine by following secure data disposal procedures that meet, or exceed, those requirements.

Devote the time to clean up your business documents to ensure your sensitive client and employee information is protected. Stay tuned next month for more tips on spring cleaning for your small business.

Tips to Clean Up Your Business Data

Research a Backup Cloud System. Make sure you are backing up your business data into a secure database.

Invest in a Hard Drive Destroyer. Solely erasing a computer’s memory is insufficient, as hackers can still recover the information. Be sure to use an R2 or e-Stewards certified vendor for any disposal, shredding, or wiping to guarantee all data is securely destroyed.

Encrypt All Data. By encrypting your digital data, your information will be useless to hackers that attempt to attack your organization.


Protect Your Smart Home

The Internet of Things (IoT) encompasses the billions of devices that are connected to the web all over the world. Smart home devices, like virtual assistants, make our lives more convenient but can also present serious security risks and personal intrusion. With over 7 billion connected IoT devices in use worldwide and growing, there is no better time to secure your home against cybercriminals seeking information that could be used against you or your family, and lock down devices that may be collecting more information than you want to share.

Your Privacy and Security Are at Risk

Your security camera knows when your children leave the house and when they return. Your fridge scans its belongings and places a grocery order when items are low. Your home is filled with the latest “Smart” speakers, medical devices, children’s toys and beyond — and all these gadgets hold important personal information that hackers are working to access. Although they seem harmless, home IoT devices and their mobile applications often have little to no security measures to prevent third parties and cybercriminals from accessing your personal information and monitoring your daily routine.

There were three times as many malware attacks on smart devices in the first half of 2018 as there were in all of 2017, according to a 2018 Kaspersky Lab study.

Internet routers are the hub of connectivity for these devices, and they are relatively easy to hack. Once a router is breached, criminals can infiltrate all your connected devices. If you use a mobile app to run a smart home accessory, your family’s smartphones and all the information stored within may also be at risk.

What’s Happening with Your Data?

Our devices are constantly listening, watching, and gathering information. If cybercriminals can hack into your devices at home, the amount of data they can access is literally through the roof.

In December 2018, an Amazon member requested his personal data on file in accordance with the rights granted consumers by the General Data Protection Regulation (GDPR). Instead of his own data, he received a file containing someone else’s voice recordings — exposing detailed information about their job, use of public transportation and smart home devices, musical tastes, and personal information of their partner and friends.

A test by Consumer Reports found that all smart televisions are susceptible to intrusion by even the least skilled hacker, and that they collect detailed information about your viewing habits. Malicious activity aside, through the automatic content recognition embedded in smart TVs, you are giving the manufacturer permission to track the shows you watch and then share that data with third parties for programming recommendations and ad targeting. And it’s difficult to know what else they do with the aggregate data once it’s been compiled. They’re depending on the consumer not understanding the ramifications of those extensive terms and conditions agreements that give the manufacturer license to access and store your data.

Many smart device manufacturers are in the business of collecting and selling our information for corporate gain. Do your research to find out how and what kind of data is being collected and set limitations where possible. What would happen if that information landed in the wrong hands because of a security incident at one of those third parties? It may be worth giving up some functionality of your smart device to keep your data private — and safe.

Tips to Protect Your Home IoT Devices

Before investing in smart home accessories, consider the risks associated with each new device. Be sure to purchase from manufacturers that have a strong reputation for security. Review the types of information gathered and change permissions to reduce the amount of accessible data, especially if the accessory includes a mobile app you install on your phone.

Safeguard Your Internet Router. Set up your router with a unique name and create strong passwords to prevent others from accessing your Wi-Fi.

Change Default Settings. Did your new device come with a default user name and password? Be sure to change these settings before you start using it.


New Year, New Threats

Nearly a month into 2019, many people have maintained their focus and motivation to revisit and reset their fitness plans. To achieve these goals, a great deal of us leverage applications and wearables, such as Fitbit and Apple Watches, to help keep track of workouts, meals, and progress.

Although we all want to stay driven to succeed, it’s important to understand that just like any other connected device, fitness apps and wearables are vulnerable to cybercrime.

When using these apps, you’re providing much of the same data as you would via social media platforms: login credentials, biometric data, geodata, and payment information, are just a few examples.

Many of us don’t think twice about sharing our personal data, but what would happen if your fitness app’s data were to get in the hands of cybercriminals?

A Look Back at the Past

Here are three major fitness apps that exposed personal information of their users in 2018:

Under Armour’s popular food and nutrition logging app, MyFitnessPal, compromised the usernames, email addresses, and hashed passwords of 150 million users, making it one of the largest data breaches to date.

The fitness community PumpUp disclosed email addresses, dates of birth, users’ locations, and users’ bios with full resolution profile photos.

Polar Flow, a fitness application with a security flaw, exposed sensitive information as well as geolocation details of its users, including soldiers and secret agents.

How to Stay Fit and Protected

Despite how helpful these apps can be, there is also a huge risk that your information will be infiltrated. Be aware of the kind of Personally Identifiable Information (PII) each application asks for and skip any unnecessary fields such as address or month and day of birthdate (year should be enough). Review and restrict the permissions you allow applications to access, such as microphone and photos, and only permit apps or wearables to track your location when you are exercising.

In 2019, the question is no longer if, but rather when, a mobile app will be compromised. It’s all too common a practice to download apps without reading the Terms and Conditions, meaning users are unaware of the permissions being granted to the developers and the type of information being shared. It’s critical to take control and prioritize your mobile safety to avoid becoming the next victim of identity theft.

Three Tips to Keep Your Personal Information Healthy

Update fitness apps and wearables. As companies patch their security vulnerabilities, out-of-date apps become defenseless.


Guard Your Business’ Tax Information

With the continued adoption of going “digital,” small and mid-sized businesses (SMBs) have become increasingly vulnerable to cybercrime. This transformation, combined with fewer checks and balances inherent with a smaller team, is one of the primary reasons why SMBs are ideal targets for data thieves every tax season.

By making minor tweaks to their tried and tested fraud techniques, criminals can dupe small business owners and employees into falling for comparable cons each year. Here are some data scams targeting small businesses to be aware of as we approach the 2019 tax season.

Business-Related W-2 Scams

The IRS recently warned SMBs of the rising threat of W-2 scams, where hackers lure payroll and human resources professionals to share sensitive tax information via a bogus email. By the end of the email exchange, your employees’ W-2 Forms could be in the hands of cybercriminals, leading to company-wide tax fraud.

In another scam, companies applying for Employer Identification Numbers (EINs) are being tricked into signing up through fraudulent websites. Like your Social Security Number, your EIN is required for business bank, loan, and credit accounts as well as state and federal tax filing. Only apply for your EIN by filing an SS-4 Form through the IRS.

Red flags indicating your business identity has been stolen:

You’re rejected from requesting a tax extension or sending an e-filed return because a return with your company’s EIN is already on file.

You fail to receive expected communication from the IRS because fraudsters have changed the address on your application.

Scams Targeting Tax Preparers

Tax preparers are often small businesses, helping consumers and SMBs in their community to prepare their tax returns on time and accurately. Their database is a treasure trove of tax information, making them a target for scammers, cybercriminals, and identity thieves this tax season.

In 2018, the IRS received five to seven reports per week from tax professionals who experienced data theft.

The IRS requires tax preparers to create and endorse a security plan to protect client data and their computer networks from the threat of a hack. If using a tax professional to prepare your business return, be sure to confirm their credibility by asking for their Preparer Tax Identification Number. And, don’t trust your business’ information to anyone without first verifying their CPA status.

IRS Services Limited Due to Government Shutdown

As the government shutdown continues with no end date in sight, small businesses are all wondering if tax returns will be postponed. The IRS claims it is “business as usual” and tax refunds will be issued, albeit likely delayed.

Due to very limited IRS availability, do not expect your tax-related questions to be answered while the shutdown continues. You may also experience a delay in receiving your Employer Identification Number (EIN), which interrupts your ability to process your business tax return and other financial obligations. As previously mentioned, don’t be tempted to trust third-party websites to create your EIN.

It’s always important to be alert and aware of how you are protecting your organizational, employee, and customer data, but especially so during tax season. Avoid damaging the trust of your clients and your business’ reputation: don’t let hackers penetrate your small business.

Tips to Protect Your Small Business from Tax Scams

Create a system of checks and balances. Have a trusted member of your executive team or an independent tax agent double check your processes.

Train employees to recognize W-2 phishing scams. The IRS will never call or email you for tax-related information. They will first contact your organization via carrier mail.

Keep up to date with the latest tax scams: The IRS keeps a running list of scams for consumers and businesses to be aware of, called “The Dirty Dozen”.


Fostering a Familial Digital Resilience

Our constant internet usage empowers cybercriminals to formulate countless methods for hijacking our personal information and then use it to commit identity theft and fraud. And, although different generations within a household may have different priorities online, all generations within the family are vulnerable.

The start of a New Year is a great time to emphasize the importance of safe online behavior for all those you care for and care about. Let’s review some safe practices that provide increased protection for keeping personal information secure.

Monitor & Influence Your Children’s Online Activity

How much time do your children spend scrolling and posting to social media, communicating using messaging apps, or playing the latest connected video game?

The Children’s Commissioner’s “Who Knows What About Me” report describes how children have their information plastered all over social media from an early age, reaching 70,000 images by the time they’re 18, thanks in part to parents sharing photos from birth to the point they create their own social accounts as teenagers.

It continues to be critical for parents to remind their children not to share their personal information with people they do not know — whether it is a stranger in the street or someone they have met online. As technology continues to innovate, children and parents need to be more aware of what they share and consider the consequences. The last thing your family needs is your child’s personal information leaked onto the dark web, where identity thieves can use it to severely weaken their future financial health.

Identity theft is not just an adult problem—kids are becoming victims at an alarming rate. According to Javelin’s 2018 Child Identity Fraud Study, more than one million children were victims of identity fraud in 2017. That same year, 39 percent of minors became victims of fraud, versus 19 percent of adults.

Three Tips to Protect Children Online

The first key to protection is knowledge. Here’s how to better understand what online activities your children are engaging in:

Place computers in high traffic areas and frequently review your children’s browser history to ensure they are visiting appropriate websites

Take the time to play the online games your kids are interested in, so you’re aware of the environment and interactions

Download parental control applications that allow you to approve or block apps your children want to download and manage in-app purchases

Parents Need Protection Too

Social media is a common online activity for people of all ages, but adults also use the internet for different purposes than their children. Whether working from home or online shopping, banking, and paying bills electronically, there are many more opportunities for their Personally Identifiable Information (PII) to become compromised.

In the U.S., 33 percent of adults have experienced identity theft, which is more than twice the global average.

Understanding your internet presence and where your personal data might live within the “cloud” or the broader web is also important. Revisit the information you may be sharing on online platforms and limit the opportunity of that information getting into the wrong hands.

Three Tips for Online Safety for Adults

Install a mobile threat defense solution on your phone that will alert you of rogue applications, spyware, and unsafe wireless connections

Never use public Wi-Fi when online banking or shopping

Refrain from having family members use your work-issued devices for personal reasons

Helping Grandparents and the Elderly

For years, seniors have been duped into sending checks and gift cards after receiving a tragic phone call from imposter grandchildren and friends. What makes us believe they are safe online? From email phishing scams asking them to update their Medicare account information to clicking on ads embedded with malware, the elderly population is a favorite target for cybercriminals.

In 2018, the Justice Department announced its largest-ever sweep of elder fraud cases, involving 250 defendants worldwide who victimized more than 1 million seniors out of more than $500 million.

The elderly are often less tech-savvy than younger generations, and therefore more susceptible to scams online. It is up to the whole family to safeguard and educate them on safely surfing the web.

Three Tips to Protect the Elderly Online

Help the elderly members of your household with their online Medicare/Medicaid/Social Security and other virtual accounts

Educate seniors on how to detect the signs of a scam, such as grammar and spelling errors in emails and ads that request personal information

Invest in antivirus and cybersecurity protection on all devices to protect against mobile and online threats

Safeguarding the Entire Family

Danger lurks where we least expect it, and cybercriminals are ready to take any opportunity to steal our information online. There’s no better time than a New Year to practice increased online safety.

Create complex passwords. Use a password manager to keep track of your passwords and make sure your family’s passwords are difficult to crack

Use VPN software to encrypt data. Protect everyone’s devices against cyber vulnerabilities

Make sure your Wi-Fi is password protected. Be confident that your family can surf the web on a secure network

Keep up with the latest data breaches and scams. Ensure your family’s information is not in the hands of cybercriminals


2019 Tax Fraud | Keep Your Personal Information Safe

As the IRS cracks down on tax refund fraud, scammers will be innovating new ways to scheme taxpayers out of their hard-earned money this year. This tax season no one is safe — individuals, businesses, and even tax preparers should be extra cautious with their personal and financial information.

As data breaches surge, the deluge of Personally Identifiable Information (PII) continues to flow into the hands of cybercriminals and malicious actors. Businesses maintain financial documents that include sensitive information fraudsters can use to impersonate the tax identity of employees and customers. One strike to an organization and the bad guys hit the jackpot!

In response to the prevalence of tax fraud in recent years, the IRS has partnered with state tax agencies and the tax community — including tax preparation firms, software developers, payroll and tax financial product processors, tax professional organizations and financial institutions — to form the Security Summit. The goal of the Security Summit is to combat identity-theft-related tax refund fraud to protect the nation’s taxpayers. But there are only so many fraudulent claims the IRS can catch. Cybercriminals continue to devise new and significant threats to consumers and businesses daily. To prevent becoming a victim of the next wave of inventive identity theft tax fraud and avoid a delay in receiving your tax refund, stay cautious of these emerging scams:

When Phishing Evolves

Scammers are notorious for sending out phishing emails this time of year, hoping to capture W-2 forms from organizations. The Security Summit warns that fraudsters are sending emails to businesses and individuals impersonating the IRS and enticing them to review an attachment labelled “Tax Transcripts”. Upon opening the attachment, Emotet — a type of malware — is installed on your device and can spread throughout an entire organization. The malware captures all financial information present, which can be used to fraudulently file tax returns.

Let’s not forget, fraudsters still use the old school method of impersonating executives within organizations to trick employees. Their tactic begins with an innocent email asking a payroll or Human Resource official for a favor and ends with employees’ W-2s being sent to a criminal. It is important to educate employees on how to detect phishing emails, and to never download unexpected attachments or click on links without verifying them first.

Evaluate Your Tax Professional

Year after year, warnings about dishonest tax return preparers make it to the IRS’s “Dirty Dozen” list of tax scams. With more than half of taxpayers using tax professionals to file their taxes every year, there is an increasing likelihood you may come across a less-than-honest return preparer. Beware of a tax professional promising a large tax refund. This is a warning sign they may be creating false expenses, deductions or credits, and may be an unscrupulous tax preparer.

Although the majority of tax professionals are legitimate, be sure to always ask for a Preparer Tax Identification Number — which is required by the IRS for all paid tax return preparers — and check their history with the Better Business Bureau or proper licensing authority. To protect yourself from potential identity theft, never give your tax documents, Social Security number, or other PII to a preparer until you have verified their credibility. You don’t want a dishonest tax preparer filing your returns without your permission, and you don’t want to become subject to IRS penalties or jail time for the actions of a fraudulent tax professional.

Safeguard Your Identity Protection PIN

An Identity Protection PIN (IP PIN) is a six-digit code issued by the IRS used to verify a taxpayer’s identity when submitting a tax return. If you have been a victim of Tax Identity Theft or are a participant in the IRS IP PIN pilot program, the IRS will send you a CP01A Notice containing this IP PIN. The IRS will reject paper and e-filed tax returns if the IP PIN is incorrect or missing.

Protecting your PIN is important. Do not share your IP PIN with anyone except for the verified tax preparer who is completing your return.

Criminals may attempt to request a new IP PIN if they have access to your PII or other sensitive information, including: mobile number, email address, social security number, filing status and address from a recent tax return, or a bank or credit card account number. Your IP PIN will renew every year, so watch for a new CP01A notice to arrive. If you lose your PIN, be sure to notify the IRS and request a new one right away.

Tips to Protect Yourself Against Tax Fraud

File your income taxes early in the season. Stay ahead of cybercriminals and lessen the opportunity for them to file a tax return using your personal information. If you have been issued an IP PIN, don’t forget to include it in your return!

Never open a link or any attachment from a suspicious email. The IRS will contact you by regular mail if they need to; they never communicate via email or phone without first mailing a letter.

Stay vigilant this tax season, especially if you believe your information may have been compromised. The last thing you want is the IRS reporting that your taxes have already been filed, or worse — receiving a notice that you’re being charged with tax evasion.

What if my Business is Next?

Regardless of cybersecurity proficiency, no organization is safe from data breaches. That’s why it’s critical that every business develops and documents an Incident Response Plan. Your response plan will outline steps your organization should take if you suspect data has been compromised. The quicker your business follows the plan, the better off you will be, and you will be in position to mitigate the impact the data loss will have on your business.

According to the 2018 IBM Cyber Resilience study, 77% of businesses worldwide do not have an incident response plan applied consistently across their organization.

Reviewing recent 2018 breaches, you’ll begin to realize that even corporations such as Marriott, Amazon, USPS, Google+ and Facebook are susceptible to cybercrime. If fraudsters can infiltrate these large enterprises, imagine what they can do to small and medium-sized businesses (SMBs). It’s only a matter of time, and the time to prepare your organization is now.

Building Your Breach Response Team

It is critical that key personnel are trained and understand their responsibilities to effectively respond when a security breach occurs. By identifying and containing a breach you can save yourself a lot of money. Establishing an incident response team reduces the cost of a data breach by as much as $14 per compromised record.

When developing a data breach response plan, it is crucial that activities across teams are coordinated diligently to reduce the chances for unintentional errors.

IT and Security personnel should be continuously assessing your company’s data security gaps and training on how to detect vulnerabilities and apply necessary security measures. They are also the first responders for the containment and remediation of a breach. According to the 2018 Cost of a Data Breach Study by Ponemon, companies that identified a breach in less than 100 days saved more than $1 million compared to those that took over 100 days. Depending on the severity of the breach, a Legal Team may need to work alongside IT to identify legal obligations and provide advice.

Human Resources will serve as the frontline for communicating with employees, especially if their personal information was breached. They may also help equip employees with resources and best practices for further protecting themselves and their families (both before and after a reported security incident).

The Communications Team is accountable for notifying those impacted, as well as the press. They must work hand-in-hand with the Legal Team to make sure communications are timely and accurate, which can help to minimize the possibility of government-imposed fines from regulations such as GDPR and PIPEDA.

Developing a Breach Communications Plan

As a reputable business, you are responsible for notifying law enforcement, other affected businesses, partners, employees and customers of the potential information disclosed. Post-breach communications may include explaining how the incident occurred, what information was compromised, what actions have been taken to remedy the situation, and how your business intends to protect affected individuals. Your employees and customers will respond with questions, so be prepared with answers, such as a formal Q&A document. In addition, be prepared for inquiries to surface via phone calls, e-mails, social media, and press. Keep your communication honest and timely, as this will help you maintain strong relationships with your customers.

State and federal laws dictate the notification requirements of your business. Some states require immediate notification while others allow up to a 90-day grace period. The chance of litigation and fines diminishes as your business familiarizes itself with these requirements. Being timely with your notification also promotes an honest demeanor, helping protect your business’s reputation and helping avoid customer turnover.

Training and Awareness

For your Incident Response Strategy to be effective, employees should periodically practice with simulated breaches. If an event does occur, response team members should be familiar with the processes within the plan and ready to jump into action. When executing your plan, keep a keen eye on potential roadblocks and make improvements to the framework with every rehearsal. By making your Data Breach Response Plan a routine, you can help your organization be better prepared for an actual breach.

Proactive Tips for Businesses in Today’s Breach Environment

Be Prepared: Don’t wait until a breach occurs to create your Response Plan.

Protect Your Employees, Customers, and Partners: Arm your business with identity protection tools as an added layer of defense.

Practice Makes Perfect: When a breach occurs, it should not be the first time personnel are going through your business’ Incident Response Plan.